Autodiscover with One Domain and Multiple Subdomains

This post was created with Zentura IT, a Danish Citrix Partner that specializes in the entire Citrix product portfolio.

Customers are demanding, and thank goodness for that!

That helps us, as IT consultants, to explore new possibilities with the products we know, and even new products, to find solutions to our customers’ headaches.

Luckily for this customer, they had already chosen Zentura IT (which happens to be very NetScaler-savvy) as their partner, so there was no need for new tools … just MORE NetScaler.

Customer X is a franchiser company. It has one public domain, and each franchiser has its own subdomain.

Example:

Main domain: company.dk

Subdomains: franchiser1.company.dk, franchiser2.company.dk

Each franchiser has its own Exchange and Lync infrastructure, so users are actually named user1@franchiser1.company.dk, but they’re not aware of that. The users think they are named user1@company.dk.

This can be a problem when trying to log in to Lync (Skype for Business) or Outlook, since they use autodiscover. Autodiscover will try to contact the server of company.dk when the user enters the credentials user1@company.dk when, in fact, it should contact franchiser1.company.dk.

Lync will still work … but only the voice part. All integration to MS UM is disabled if autodiscover doesn’t work.

According to the creators of Lync and Outlook, this is unfixable!

Fortunately for us, NetScaler has all the required functionality to make this work. This is another good reason to use NetScaler as a frontend to your Microsoft applications. (Remember to check out the latest deployment guides for MS apps here.)

The solution:
Intercept the autodiscover request, pick out the user credentials, ask an external database where this user belongs, and redirect the client to the right server.

How this was implemented:
When autodiscover starts, it generates an HTTP request that looks like the following:

The important part of this HTTP request is the X-AnchorMailbox header, which contains the username/email address/UPN.

Whenever a request comes in with the X-AnchorMailbox header, we need to invoke an HTTP callout that looks the user up in an external database and gets the correct URL that the client should contact for the metadata. This is done with a responder policy.
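
The lookup behind the HTTP callout, as an added example (not code from the original post or from Zentura IT's deployment). It assumes a SQLite table named mailbox_home, the function names shown, and /autodiscover/autodiscover.xml as the redirect path; because X-AnchorMailbox is client-supplied, the value is validated before the query and the result is limited to a single label under company.dk.

```python
import re
import sqlite3

PARENT = "company.dk"                      # main domain from the post
PATH = "/autodiscover/autodiscover.xml"    # assumed redirect target path
ADDR_RE = re.compile(r"[a-z0-9._%+-]{1,64}@(?:[a-z0-9-]+\.)+[a-z]{2,}")
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label


def build_sample_db():
    """Constructed sample rows standing in for the external database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mailbox_home (address TEXT PRIMARY KEY, franchise TEXT)")
    db.executemany("INSERT INTO mailbox_home VALUES (?, ?)", [
        ("user1@company.dk", "franchiser1"),
        ("user2@company.dk", "franchiser2"),
        ("user3@company.dk", "evil.example/x"),   # simulates a tampered row
    ])
    return db


def resolve_autodiscover(db, anchor_mailbox):
    """Map an X-AnchorMailbox value to a redirect URL, or None to refuse."""
    value = (anchor_mailbox or "").strip().lower()
    # The header is client-controlled: reject anything that is not a plain
    # address before it reaches the database or a Location header.
    if len(value) > 254 or not ADDR_RE.fullmatch(value):
        return None
    domain = value.rpartition("@")[2]
    if domain != PARENT and not domain.endswith("." + PARENT):
        return None
    row = db.execute(                      # parameterized, never string-built
        "SELECT franchise FROM mailbox_home WHERE address = ?", (value,)
    ).fetchone()
    if row is None:
        return None
    franchise = (row[0] or "").lower()
    # Only a single label under the parent domain may become a redirect host,
    # so a bad row cannot turn the appliance into an open redirector.
    if not LABEL_RE.fullmatch(franchise):
        return None
    return f"https://{franchise}.{PARENT}{PATH}"


if __name__ == "__main__":
    db = build_sample_db()
    for header in ("user1@company.dk", "x' OR '1'='1", "user3@company.dk"):
        print(repr(header), "->", resolve_autodiscover(db, header))
```

A None result means the responder policy should not redirect and the request should take its normal path.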

Possible workarounds:
Outlook: You can manually enter the server information; that requires a good manual, or good users.
Lync: You need AutoDiscover, there is no workaround if you want proper integration. You need NetScaler!